cvelistv5 - cve-2025-3770

CVE-2025-3770 (GCVE-0-2025-3770)

Vulnerability from cvelistv5

Published

2025-08-07 00:42

Modified

2025-08-07 13:28

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-693 - Protection Mechanism Failure

Summary

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

References

►

URL

Tags

infosec@edk2.groups.io

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

Impacted products

	Vendor	Product	Version
	TianoCore	EDK2	Version: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T13:28:05.514885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T13:28:12.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "UefiCpuPkg",
          "product": "EDK2",
          "vendor": "TianoCore",
          "versions": [
            {
              "lessThanOrEqual": "edk2-stable202505",
              "status": "affected",
              "version": "0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Domas"
        }
      ],
      "datePublic": "2025-08-07T00:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."
            }
          ],
          "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T00:42:14.628Z",
        "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "shortName": "TianoCore"
      },
      "references": [
        {
          "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SMM IDT Privilege Escalation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
    "assignerShortName": "TianoCore",
    "cveId": "CVE-2025-3770",
    "datePublished": "2025-08-07T00:42:14.628Z",
    "dateReserved": "2025-04-17T16:10:59.678Z",
    "dateUpdated": "2025-08-07T13:28:12.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3770\",\"sourceIdentifier\":\"infosec@edk2.groups.io\",\"published\":\"2025-08-07T01:15:25.713\",\"lastModified\":\"2025-08-07T21:26:37.453\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.\"},{\"lang\":\"es\",\"value\":\"EDK2 contiene una vulnerabilidad en la BIOS que permite a un atacante provocar un fallo del mecanismo de protecci\u00f3n mediante acceso local. La explotaci\u00f3n exitosa de esta vulnerabilidad provocar\u00e1 la ejecuci\u00f3n de c\u00f3digo arbitrario y afectar\u00e1 la confidencialidad, la integridad y la disponibilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"infosec@edk2.groups.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"infosec@edk2.groups.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]}],\"references\":[{\"url\":\"https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr\",\"source\":\"infosec@edk2.groups.io\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3770\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-07T13:28:05.514885Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-07T13:28:09.458Z\"}}], \"cna\": {\"title\": \"SMM IDT Privilege Escalation Vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Christopher Domas\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TianoCore\", \"product\": \"EDK2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"Custom\", \"lessThanOrEqual\": \"edk2-stable202505\"}], \"packageName\": \"UefiCpuPkg\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-08-07T00:41:00.000Z\", \"references\": [{\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"EDK2 contains a vulnerability in BIOS where an attacker may cause \\u201cProtection Mechanism Failure\\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"EDK2 contains a vulnerability in BIOS where an attacker may cause \\u201cProtection Mechanism Failure\\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"CWE-693: Protection Mechanism Failure\"}]}], \"providerMetadata\": {\"orgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"shortName\": \"TianoCore\", \"dateUpdated\": \"2025-08-07T00:42:14.628Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3770\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-07T13:28:12.175Z\", \"dateReserved\": \"2025-04-17T16:10:59.678Z\", \"assignerOrgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"datePublished\": \"2025-08-07T00:42:14.628Z\", \"assignerShortName\": \"TianoCore\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-3770

Vulnerability from fkie_nvd